CVE-2023-28769Classic Buffer Overflow in Zyxel Dx5401-b0 Firmware

CWE-120Classic Buffer Overflow4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
70.3%
top 1.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zyxel Dx5401-b0 Firmware
Timeline
PublishedApr 27
Latest updateJul 6

Description

The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5zyxel/dx5401-b0_firmware< V5.17(ABYO.1)C0
NVDzyxel/dx5401-b0_firmware< 5.17\(abyo.1\)c0

🔴Vulnerability Details

3
GHSA
GHSA-xg39-26cw-gxj9: The buffer overflow vulnerability in the library “libclinkc2023-07-06
CVEList
CVE-2023-28769: The buffer overflow vulnerability in the library “libclinkc2023-04-27
VulnCheck
Zyxel dx5401-b0_firmware Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')2023
CVE-2023-28769 — Classic Buffer Overflow in Zyxel | cvebase